Extract the custom action requested by user as an entity with rasa NLU - rasa-nlu

I have a use case where I want to create a chat bot to log user requests in our request tracking tool.
I'm having difficulty extracting the action requested by the user, as it need not follow any pattern.
Example user requests may be:
create case restart service srv1
can you please create a case to restart the service srv1
can you create a case to resend report1 and assign it to #username
unable to login to application. please create a case
In the above cases, I want to create an entity with the following values:
restart the service srv1, resend report1, unable to login to application etc.
Can you suggest the best way to extract the user request? As of now, I'm capturing the whole request, which is not very elegant.

Related

express-gateway API key management

I have an API backend that will be consumed by different consumers, such as our own company website, and even other websites can use our API with a certain quota/limitation. For this scope management we will be using express-gateway (eg); however, this is not the only reason I am using express-gateway (eg). Now, coming to my problem/misunderstanding: for our own website we can create an api-key and user credentials using the eg command. But for other users who wish to use our API, I don't want them to contact me for this integration; rather, they should be able to create user credentials and an API key themselves using some facility (let us call it key management) provided by us. Here I am stuck on how to provide a web platform or any other mechanism where a user can create an account and then create an api-key for their own website. I was thinking of extending the express-gateway app itself and creating a page where a website owner can fill in a form with various input fields that will serve as parameters for the eg command; I can then trigger the eg command in the node console, create the credentials, save them in the redis database, and then fetch that information to show it to the user as their user id and api-key. But I want to know the best way others are doing this, such as how Google, Twitter and many more allow users to create an api-key, delete a key and regenerate the api-key on compromise. One suggestion would be to use a third-party tool to manage user credentials; I will have little inertia to accept that, and even if I do so, how will I hook that third-party solution into my express-gateway?
In general, API gateways and authentication servers are independent, or at least loosely-coupled. The typical workflow is:
A user browses to the Create Account page for a service.
The user creates an account with the authentication server
The user makes a request through the API gateway
The API gateway checks with the authentication server whether the operation is allowed, discarding it if the user is not authorized to perform the requested action
The API gateway dispatches the request to the appropriate server
The receiving server checks whether the user is permitted to perform the action (in case the API gateway has been compromised)
Express Gateway includes its own authentication server for convenience, but the steps are basically the same. The difference is that one uses the Express Gateway Admin API to create the user and credentials rather than going to a different server.
Note that Express Gateway and its default account database (Redis) are not persistent out of the box.

Keycloak/OpenID: request user-information on behalf of the client application

I have a Spring Boot application with a public REST API. The user authentication is handled by Keycloak. Users can use the API to submit jobs, which are then executed periodically as a Spring Batch. Some of these jobs require the user to be notified via eMail after completion.
The application currently does not store any user-related information, except the ID of the user who submitted the job. My problem now is that I need the eMail address belonging to that user ID to send the job-completion notification. The JWT passed to the API, which contains this information, can't be used at this time, since the job is executed asynchronously in the batch context.
I came up with 2 possible solutions so far, which both have their own drawbacks in my opinion:
solution 1: extracting the required information from the JWT and persisting it in the application's database for later use
drawbacks:
the application should not be concerned with storing user-information; it also shouldn't duplicate data controlled by other applications
the user might change its eMail-address in the primary user-database, without getting noticed by my application
solution 2: requesting user-details as needed by using Keycloak-APIs.
This looks theoretically like a good approach to me. The suggested solutions on SO utilize the Keycloak Admin API (endpoint /auth/admin/realms/{realm}/users/{user-id}) to fetch user details. This requires the application to be configured as a "confidential client" with its own client credentials and an enabled service account. What bothers me here: it appears a bit strange to me that a regular application without any special privileges uses an Admin API. Also, the users endpoint is not restricted to users who have previously given consent to access their data.
Is there a good way to solve this problem?
If the job requires an e-mail for its completion, why doesn't it request it as a start parameter and just keep it in memory?
This is how I would proceed:
#Controller extracts e-mail from ID token on the end-point from which the user triggers job start
user e-mail is provided among other parameters to the job
job completes sending the e-mail
e-mail is lost, with other job resources

How Can we configure OAuth 2 to work only for a particular email id?

Suppose I have an application in which I have enabled (Google) OAuth2 authentication, but I want only a few business people to be able to log in to my application with their specific email ID, and the rest of the people can't. How can we achieve this using OAuth2?
1.) Lots of people have a Google account and can authenticate with Google
2.) I want only some of them to be authorized to use your app, which maybe deals with business assets
I suspect your requirement is:
Lots of people have a Google account and can authenticate with Google
Only some of them should be authorized to use your app, which maybe deals with corporate assets
In this case I would proceed something like this:
STEP 1: PREREQUISITE USER SETUP
Get a list of users and perform an Administrator Approval step to create them in your product database, perhaps with Name and Email fields.
STEP 2: INCLUDE THE EMAIL SCOPE DURING LOGINS
In the Google login redirect, use scope='openid email' so that you can identify the user via email after login. Allow users to successfully authenticate.
STEP 3: AFTER LOGIN PROCESS THE ACCESS TOKEN
You will then be able to get the user's email address from the access token (though you may have to send it to the Google User Info endpoint).
STEP 4: DENY ACCESS WHEN REQUIRED
If you can't find the email associated to the token in your product user data, present a Forbidden message to the user.
FURTHER INFO
See my User Data Write Up for further details on technical options. Note that I have not actually tested this with Google, but I have used the general approach with a few different systems.
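Steps 1 to 4 above as a runnable sketch, added here as an illustration and not taken from the answer or its write-up. It assumes the user info response has already been fetched and parsed into a dict; `APPROVED_USERS`, `authorize` and the sample claims are constructed names and data, and the `email_verified` check and case-insensitive match are additions beyond what the answer describes.

```python
# Added example: allowlist check applied after a successful Google login.
# APPROVED_USERS stands in for the product user table from STEP 1 (constructed data).
APPROVED_USERS = {
    "alice@example.com": {"name": "Alice Admin"},
    "bob@example.com": {"name": "Bob Buyer"},
}


def normalize_email(email):
    """Trim and case-fold so 'Alice@Example.com' matches the stored row."""
    return email.strip().casefold()


def authorize(userinfo, approved=APPROVED_USERS):
    """Return (http_status, detail) for a user who has already authenticated.

    `userinfo` is the parsed JSON from the provider's user info endpoint
    (STEP 3). Anything other than a verified, pre-approved email gets 403.
    """
    email = userinfo.get("email")
    if not isinstance(email, str) or not email.strip():
        return 403, "no email claim; was the 'email' scope requested?"
    if userinfo.get("email_verified") is not True:
        return 403, "email not verified by the identity provider"
    user = approved.get(normalize_email(email))
    if user is None:
        return 403, "authenticated, but not an approved user"
    return 200, user["name"]


# Constructed user info responses, shaped like OpenID Connect standard claims.
SAMPLES = [
    {"sub": "1001", "email": "Alice@Example.com", "email_verified": True},
    {"sub": "1002", "email": "mallory@example.net", "email_verified": True},
    {"sub": "1003", "email": "bob@example.com", "email_verified": False},
    {"sub": "1004"},
]

if __name__ == "__main__":
    for claims in SAMPLES:
        print(claims.get("email"), "->", authorize(claims))
```

The decision is deny-by-default: authentication with Google only proves who the user is, and access is granted solely by the lookup in the product's own user data.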

Can I register a plug-in on the user login event in Dynamics CRM?

I want to register a plug-in in Plugin Registration Tool when a user logs in to Dynamics CRM. For this I don't want to use Audit. I want to catch the login event directly.
If this is not possible, is there any log that is created on every login of the user?
As far as I know, no, you cannot do so.
But CRM has provided a few different ways where you can check which users are currently working/logged in.
Go to Settings --> System Settings --> Auditing and then you can enable audit user access.
Above will enable for all users and then you can see audit data as below.
Ref for 1st option https://blogs.msdn.microsoft.com/emeadcrmsupport/2015/07/09/dynamics-crm-audit-user-access-data/
Now another way you can do so is to visit the URL https://admin.powerplatform.microsoft.com/
Here go under analytics and then common data service. You will get most of the info.
High level design of what I would do:
Make/identify a default dashboard for all users and keep a HTML web resource in there
Web resource can have a method to invoke Xrm.WebApi.online.execute for executing a Custom Action by passing parameter to include IP, Lat, Lon, Browser details.
Register a plugin on Custom Action message to trigger and achieve what you want there

oracle apex email and sms authentication

I want to create a user screen with two authentications (SMS and email).
The user will receive an email to verify and activate his account first.
After that he sets a password and he will receive an SMS message to verify the password. I want to do this in Oracle APEX. I have tried Custom Authentication but I didn't find it fruitful. Does anyone have a good idea to achieve this?
After you take care of the email and SMS verification, you should store that data in the database and create a function to use in your custom authentication that verifies if the user is already validated.
Put the function in shared components -> authentication schemes -> settings -> Authentication Function Name
(the function must return true or false to allow the login).
I'm not a fan of using SMS for Two-Factor Authentication, but if you must, perhaps this demo implementation for Time-based One-Time Password (TOTP) might give you some ideas: https://github.com/fuzziebrain/orclapex-tfa-demo
I provided some background information here as well: https://fuzziebrain.com/content/id/1718/
Good luck!
I have achieved this in one of my APEX projects, but only with the e-mail. For the SMS I use it in another context, but you could still do it. You will need an SMTP server (you can run one on your server) and for the SMS you will need an external provider. In your Oracle database, create a table called OTP (one time password).
This table contains a foreign key to a user. When the user creates an account, run a dynamic action in PL/SQL that will generate a random 6 digit number that will be encrypted in your OTP table. This dynamic action will also send an email to the user with APEX_MAIL. The full documentation for how to use APEX_MAIL is here and it is pretty easy to use. You can send the user the password for authentication through email.
Create a new session user called user_na (not authenticated) and make it so that when he connects, the only page he can see is a page with a text field to enter the password he received through email. After he enters it, encrypt it the same way you did when he created an account and compare the password in the OTP table. If they match, change his account type to user and then he will be able to access every page that you made accessible for the users.
If you also want to send an SMS, I recommend using this tutorial. The SMS provider has a free trial if you want to test. If you have any questions, don't hesitate to ask; I can easily help you with this.
NOTE: if you don't want to create different session_users you can just add a column in your user table named authenticated. Set it to 0 by default and to 1 when he enters the email password. Then, when he logs in, check if this value is 0 or 1 to know which page you should redirect him to.
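The OTP table flow from the last answer, sketched in Python rather than PL/SQL as an added example that is not the answerer's code. Where the answer says to encrypt the code, this sketch stores a keyed hash (HMAC-SHA-256) instead; the expiry, attempt limit, single-use rule and all names (`otp_table`, `issue_otp`, `verify_otp`, `SERVER_KEY`) are assumptions added for illustration.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumption: a secret kept outside the OTP table
OTP_TTL_SECONDS = 600                 # assumption: codes expire after 10 minutes
MAX_ATTEMPTS = 5                      # assumption: a 6-digit code has only 10**6 values

otp_table = {}  # stands in for the OTP table: user_id -> row


def _digest(user_id, code):
    """Keyed hash bound to the user, so a row cannot be replayed for another user."""
    return hmac.new(SERVER_KEY, f"{user_id}:{code}".encode(), hashlib.sha256).digest()


def issue_otp(user_id, now=None):
    """Create a 6-digit code, store only its keyed hash, return the code for mailing."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"
    otp_table[user_id] = {"digest": _digest(user_id, code),
                          "expires": now + OTP_TTL_SECONDS, "attempts": 0}
    return code


def verify_otp(user_id, submitted, now=None):
    """Return True once for the right code; the row is then consumed."""
    now = time.time() if now is None else now
    row = otp_table.get(user_id)
    if row is None:
        return False
    if now > row["expires"] or row["attempts"] >= MAX_ATTEMPTS:
        del otp_table[user_id]          # expired or locked out: force a new code
        return False
    row["attempts"] += 1
    if hmac.compare_digest(row["digest"], _digest(user_id, submitted)):
        del otp_table[user_id]          # single use
        return True
    return False


if __name__ == "__main__":
    code = issue_otp("user_na_42", now=0)
    print(verify_otp("user_na_42", "not-it", now=1), verify_otp("user_na_42", code, now=2))
```

The code is drawn from a CSPRNG (`secrets`) and compared in constant time; in APEX the same checks would sit in the PL/SQL behind the verification page.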
